United States

Americans Begin Returning to Cities After Remote-Work Exodus, Data Shows (msn.com) 194

An anonymous reader shares this report from the Washington Post: The exodus of people fleeing large urban areas during the height of the pandemic appears to be reversing, according to data from the Census Bureau released Thursday. Many workers who could telecommute abandoned crowded cities and counties for suburban or rural areas when covid struck, causing demographers and businesses to wonder whether the movement signified a permanent shift. But the overall patterns of population change are moving toward pre-pandemic rates, the bureau's Vintage 2022 estimates of population and components of change show.

Eleven of the 15 largest metro areas gained residents or lost fewer people compared with the previous year, including the D.C. metro area, New York City, the San Francisco Bay Area, and Seattle, according to an analysis by Brookings Institution senior demographer William Frey.... Among the most striking recorded shifts were in Manhattan and San Francisco, both of which lost population at a significant rate between 2020 and 2021. Manhattan, which shrank by 5.87 percent in 2021, grew by 1.11 percent last year. San Francisco lost 6.79 percent of its population in 2021 but shrank by only a third of a percentage point last year. Both are home to a large number of people who were able to work remotely during the pandemic. Covid rates in New York City were especially high early in the pandemic, and many Manhattan residents moved to outlying counties....

"Many counties with large universities saw their populations fully rebound this year as students returned," said Christine Hartley, assistant division chief for estimates and projections in the Census Bureau's population division.

The article also makes the point that immigration into America was temporarily restricted during the pandemic, so outflows never had a chance to be counterbalanced by inflows. And the exodus to the suburbs may have already peaked. Last year Manhattan gained 17,472 people, the article points out, while counties outside the city lost residents. The Census Bureau notes that was a pattern for 2022: "the smallest counties nationally, those with populations below 10,000, experienced more population loss (60.8%) than gains (38.3%); while the largest counties, having populations at or greater than 100,000, largely experienced population increases (68%)."

Beyond that, the executive director of the DC Fiscal Policy Institute argues that it's just too soon to know whether the pandemic-era outflow from cities was permanent. "We've just been through a major health and economic shock. There's been what I call a doomsday narrative about what's going to happen, with predictions of empty downtowns and city centers that wither and die." They believe the new census data "should give us pause in terms of declaring that we've arrived at a new normal. It's highly likely that some of the folks who left will come back, and we really don't know if it's going to be a lot of them or just a small portion."
Government

San Francisco Faces 'Doom Loop' from Office Workers Staying Home, Gutting Tax Base (sfchronicle.com) 218

Today a warning was published from the editorial board of the San Francisco Chronicle. "Experts say post-pandemic woes stemming from office workers staying home instead of commuting into the city could send San Francisco into a 'doom loop' that would gut its tax base, decimate fare-reliant regional transit systems like BART and trap it in an economic death spiral...." Despite our housing crisis, it was years into the COVID pandemic before our leaders meaningfully questioned the logic of reserving some of the most prized real estate on Earth for fickle suburbanites and their cars. Downtown, after all, was San Francisco's golden goose. Companies in downtown offices accounted for 70% of San Francisco's pre-pandemic jobs and generated nearly 80% of its economic output, according to city economist Ted Egan. And so we wasted generous federal COVID emergency funds trying to bludgeon, cajole and pray for office workers to return downtown instead of planning for change. We're now staring down the consequences for that lack of vision.

The San Francisco metropolitan area's economic recovery from the pandemic ranked 24th out of the 25 largest regions in the U.S., besting only Baltimore, according to a report from the Bay Area Council Economic Institute. In the first quarter of 2023, San Francisco's office vacancy rate shot up to a record-high 29.4% — the biggest three-year increase of any U.S. city. The trend isn't likely to end anytime soon: In January, nearly 30% of San Francisco job openings were for hybrid or fully remote work, the highest share of the nation's 50 largest cities. Amid lower property, business and real estate transfer taxes, the city is projecting a $728 million deficit over the next two fiscal years. Transit ridership remains far below pre-pandemic levels. In January, downtown San Francisco BART stations had just 30% of the rider exits they did in 2019, according to a report from Egan's office. Many Bay Area transit agencies, including Muni, are rapidly approaching a fiscal cliff.

San Francisco isn't dead; as of March, it was home to an estimated 173 of the country's 655 companies valued at more than $1 billion. Tourism is beginning to rebound. And new census data shows that San Francisco's population loss is slowing, a sign its pandemic exodus may be coming to an end. But the city can't afford to wait idly for things to reach equilibrium again. It needs to evolve — quickly. Especially downtown. That means rebuilding the neighborhood's fabric, which won't be cheap or easy. Office-to-housing conversions are notoriously tricky and expensive. Demolishing non-historic commercial buildings that no longer serve a purpose in the post-pandemic world is all but banned. And, unlike New York after 9/11, San Francisco is a city that can't seem to stop getting in its own way.

So what's the solution? The CEO of the Bay Area Council suggests public-private partnerships that "could help shift downtown San Francisco's focus from tech — with employees now accustomed to working from home — to research and development, biotech, medical research and manufacturing, which all require in-person workers."

And last week San Francisco's mayor proposed more than 100 changes to streamline the permitting process for small businesses, and on Monday helped introduce legislation making it easier to convert office buildings to housing, expand pop-up business opportunities, and fill some empty storefronts. This follows a February executive order to speed housing construction. The editorial points out that "About 40% of office buildings in downtown San Francisco evaluated in a study would be good candidates for housing due to their physical characteristics and location and could be converted into approximately 11,200 units, according to research from SPUR and the Urban Land Institute San Francisco."

But without some action, the editorial's headline argues that "Downtown San Francisco is at risk of collapsing — and taking much of the Bay Area with it."
Crime

German Police Raid DDoS-Friendly Host 'FlyHosting' (krebsonsecurity.com) 5

An anonymous reader quotes a report from KrebsOnSecurity: Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. A statement released today by the German Federal Criminal Police Office says they served eight search warrants on March 30, and identified five individuals aged 16-24 suspected of operating "an internet service" since mid-2021. The German authorities did not name the suspects or the Internet service in question.

"Previously unknown perpetrators used the Internet service provided by the suspects in particular for so-called 'DDoS attacks', i.e. the simultaneous sending of a large number of data packets via the Internet for the purpose of disrupting other data processing systems," the statement reads. The German authorities said that as a result of the DDoS attacks facilitated by the defendants, the websites of various companies as well as those of the Hesse police have been overloaded in several cases since mid-2021, "so that they could only be operated to a limited extent or no longer at times." The statement says police seized mobile phones, laptops, tablets, storage media and handwritten notes from the unnamed defendants, and confiscated servers operated by the suspects in Germany, Finland and the Netherlands.

Upgrades

Glitch In System Upgrade Identified As Cause of Delays At Singapore Immigration (zdnet.com) 5

A technical glitch during a scheduled upgrade affected all automated immigration clearance systems and led to rare delays at Singapore's Changi Airport, which recently was again named the world's best airport. ZDNet reports: Long lines were spotted Thursday morning at the country's airport where travelers usually would not need more than mere minutes to clear immigration. In a series of posts on Facebook and Twitter, Singapore's Immigration & Checkpoints Authority (ICA) said it was experiencing "system slowness" at several passenger clearance checkpoints, including all automated departure lanes at all terminals at Changi Airport. Selected automated systems at the Woodlands and Tuas border checkpoints, through which travelers would enter neighboring country Malaysia, also were affected. Immigration systems at coastal checkpoints were the only ones that were not disrupted.

Passengers were advised to postpone non-essential travel and expect delays, as they would be redirected to manual lanes for immigration clearance. By 4pm the same day, automated immigration clearance at all checkpoints was back up and running. ICA said in a statement late Thursday that preliminary investigations revealed a "technical glitch" had occurred during a pre-scheduled system upgrade, causing an "unanticipated system overload". This brought down the automated immigration clearance systems, which affected all departure terminals at Changi Airport and arrival terminals at Terminals 2 and 4. ICA did not provide details on the system upgrade or whether the procedure was tested before the scheduled live rollout.

Businesses

Dumb Phones Are on the Rise in the US (cnbc.com) 103

Dumb phones may be falling out of fashion on a global scale, but it's a different story in the U.S. From a report: Companies like HMD Global, the maker of Nokia phones, continue to sell millions of mobile devices similar to those used in the early 2000s. This includes what's known as "feature phones" -- traditional flip or slide phones that have additional features like GPS or a hotspot. "I think you can see it with certain Gen Z populations -- they're tired of the screens," said Jose Briones, dumb phone influencer and moderator of the subreddit, "r/dumbphones." "They don't know what is going on with mental health and they're trying to make cutbacks."

In the U.S., feature flip phone sales were up in 2022 for HMD Global, with tens of thousands sold each month. At the same time, HMD's global feature phone sales were down, according to the company. In 2022, almost 80% of feature phone sales came from the Middle East, Africa and India, according to Counterpoint Research. But some see that number shifting, as a contingency of young people in the U.S. revert back to dumb or minimalist phones. "In North America, the market for dumb phones is pretty much flatlined," said Moorhead. "But I could see it getting up to 5% increase in the next five years if nothing else, based on the public health concerns that are out there."

Security

'Vulkan Files' Leak Reveals Putin's Global and Domestic Cyberwarfare Tactics (theguardian.com) 42

"The Guardian reports on a document leak from Russian cyber 'security' company Vulkan," writes Slashdot reader Falconhell. From the report: Inside the six-storey building, a new generation is helping Russian military operations. Its weapons are more advanced than those of Peter the Great's era: not pikes and halberds, but hacking and disinformation tools. The software engineers behind these systems are employees of NTC Vulkan. On the surface, it looks like a run-of-the-mill cybersecurity consultancy. However, a leak of secret files from the company has exposed its work bolstering Vladimir Putin's cyberwarfare capabilities.

Thousands of pages of secret documents reveal how Vulkan's engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. The company's work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia's foreign intelligence organization.

One document links a Vulkan cyber-attack tool with the notorious hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the internet for vulnerabilities, which are then stored for use in future cyber-attacks. Another system, known as Amezit, amounts to a blueprint for surveilling and controlling the internet in regions under Russia's command, and also enables disinformation via fake social media profiles. A third Vulkan-built system -- Crystal-2V -- is a training program for cyber-operatives in the methods required to bring down rail, air and sea infrastructure. A file explaining the software states: "The level of secrecy of processed and stored information in the product is 'Top Secret'."

Security

US, Partner Countries Call For Controls To Counter Misuse of Spyware (reuters.com) 18

The United States and some of its partner countries on Thursday called for strict domestic and international controls to counter the proliferation and misuse of commercial spyware. From a report: The joint statement was issued by the governments of Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the United States. The countries said they were committed to preventing the export of technology and equipment to end-users who are likely to use them for "malicious cyber activity." The joint statement also said the countries would share information with each other on spyware proliferation and misuse, including to better identify these tools. On Monday, U.S. President Joseph Biden signed an executive order intended to curb the malicious use of digital spy tools around the globe targeting U.S. personnel and civil society. The new executive order was designed to apply pressure on the secretive industry by placing new restrictions on U.S. government defense, law enforcement and intelligence agencies' purchasing decisions.
Microsoft

Microsoft Patched Bing Vulnerability That Allowed Snooping on Email and Other Data (wsj.com) 10

Microsoft patched a dangerous security issue in Bing last month just days before it launched a new artificial intelligence-powered version of the search engine. From a report: The problem was discovered by outside researchers at the security firm Wiz. It was created by a mistake in the way that Microsoft configured applications on Azure, its cloud-computing platform, and could be used to gain access to emails and other documents of people who used Bing, the researchers said. Microsoft fixed the problem on Feb. 2, according to Ami Luttwak, Wiz's chief technology officer. Five days later Satya Nadella introduced the new generative AI capabilities to Bing, bringing a renewed interest in Microsoft's 14-year-old search engine. Usage of Bing has jumped, rising to more than 100 million daily active users in the month since the upgrade.
AI

Free AI Programs Prone To Security Risks, Researchers Say (bloomberg.com) 17

Companies rushing to adopt hot new types of artificial intelligence should exercise caution when using open-source versions of the technology, some of which may not work as advertised or include flaws that hackers can exploit, security researchers say. From a report: There are few ways to know in advance if a particular AI model -- a program made up of algorithms that can do such things as generate text, images and predictions -- is safe, said Hyrum Anderson, distinguished engineer at Robust Intelligence, a machine learning security company that lists the US Defense Department as a client. Anderson said he found that half the publicly available models for classifying images failed 40% of his tests. The goal was to determine whether a malicious actor could alter the outputs of AI programs in a manner that could constitute a security risk or provide incorrect information. Often, models use file types that are particularly prone to security flaws, Anderson said. It's an issue because so many companies are grabbing models from publicly available sources without fully understanding the underlying technology, rather than creating their own. Ninety percent of the companies Robust Intelligence works with download models from Hugging Face, a repository of AI models, he said.
Businesses

Exxon's Climate Opponents Were Infiltrated by Massive Hacking-for-Hire Operation (wsj.com) 37

An anonymous reader shares a report: In the midst of perpetrating what federal prosecutors say was a massive corporate hacking campaign, Israeli private detective Aviram Azari in 2017 received welcome news. A group of hackers in India wrote him to say they had successfully infiltrated the email and social-media accounts of a group of environmental activists campaigning against Exxon. "On a happy note I would like to report some success below: Project Name Rainbow," the hackers wrote in electronic messages that were viewed by The Wall Street Journal. The messages included evidence of the successful intrusions, including screenshots of compromised email inboxes.

The messages along with court records reveal new details about the hacking campaign, including that thousands of individuals and companies were targeted and at least some of the attacks resulted in the hackers successfully gaining access to the private accounts of the victims and obtaining their passwords. Among the targets was the Rockefeller Family Fund, a charity created by some of the heirs of John D. Rockefeller, who founded Exxon's forebear Standard Oil. The fund has for years been involved in campaigns arguing that Exxon hid from the public the full extent of what it knew internally about climate change and the role fossil fuels played in causing it.

Youtube

AV1 Live Streaming Is Finally Coming To YouTube (tomshardware.com) 30

An anonymous reader shares a report: In a recent video, YouTuber EposVox reports that YouTube is finally rolling out AV1 live-streaming support to the platform, with the tech currently in a beta. AV1 will provide YouTube live streams with a substantial increase in video quality, and allow users to stream at up to 4K 60FPS with Twitch-limited bitrates. EposVox was able to get early access to a development build of OBS 29.1 to check out YouTube's live streaming AV1 capabilities. The newest addition to the AV1 rollout is YouTube live streaming support with AV1. YouTube just rolled out beta support for a new video live-streaming standard known as Enhanced RTMP, which will allow streamers to utilize several of the latest video codecs, including AV1, VP9, and HEVC (H.265) to live stream videos to YouTube.

EposVox was able to test drive Enhanced RTMP, with a development build of OBS 21.9 to stream AV1 gaming content to YouTube directly. According to EposVox, the quality difference is night and day compared to H.264. The quality jump with AV1 allowed him to drive higher quality video to his live stream and remove pixelation altogether. Just for perspective on how powerful AV1 is, EposVox was able to run an AV1 1440P 60FPS live stream of Halo Infinite at 500kbps - a bitrate 15x lower than the Twitch limit, and the stream was still perfectly watchable. For normal use cases, EposVox found that 8mbps was the sweet spot for 1440P 60FPS, and around 15mbps for 1440P 60FPS, for a perfectly good-looking live stream with no or close to no pixelization. For users that still want to stream 1080P video, all you'll need is a 4MBps bitrate to achieve the same result. This is a night and day difference to H.264 where 8Mbps was about the minimum you want for a high-quality 1080P 60FPS video stream, and even in this situation, pixelation is still very likely to occur with a lot of streams.

Security

Ransomware Crooks Are Exploiting IBM File-Exchange Bug With a 9.8 Severity (arstechnica.com) 18

Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers, security researchers have warned. From a report: The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high speeds. Rather than relying on TCP-based technologies such as FTP to move files, Aspera uses IBM's proprietary FASP -- short for Fast, Adaptive, and Secure Protocol -- to better utilize available network bandwidth. The product also provides fine-grained management that makes it easy for users to send files to a list of recipients in distribution lists or shared inboxes or workgroups, giving transfers a workflow that's similar to email.

In late January, IBM warned of a critical vulnerability in Aspera versions 4.4.2 Patch Level 1 and earlier and urged users to install an update to patch the flaw. Tracked as CVE-2022-47986, the vulnerability makes it possible for unauthenticated threat actors to remotely execute malicious code by sending specially crafted calls to an outdated programming interface. The ease of exploiting the vulnerability and the damage that could result earned CVE-2022-47986 a severity rating of 9.8 out of a possible 10. On Tuesday, researchers from security firm Rapid7 said they recently responded to an incident in which a customer was breached using the vulnerability.

Security

UK Sets Up Fake Booter Sites To Muddy DDoS Market (krebsonsecurity.com) 47

An anonymous reader quotes a report from KrebsOnSecurity: The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. The NCA says all of its fake so-called "booter" or "stresser" sites -- which have so far been accessed by several thousand people -- have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

"However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators," reads an NCA advisory on the program. "Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement." The NCA declined to say how many phony booter sites it had set up, or for how long they have been running. The NCA says hiring or launching attacks designed to knock websites or users offline is punishable in the UK under the Computer Misuse Act 1990. "Going forward, people who wish to use these services can't be sure who is actually behind them, so why take the risk?" the NCA announcement continues.

Microsoft

Microsoft Unveils OpenAI-Based Chat Tools for Fighting Cyberattacks (bloomberg.com) 14

Microsoft, extending a frenzy of artificial intelligence software releases, is introducing new chat tools that can help cybersecurity teams ward off hacks and clean up after an attack. From a report: The latest of Microsoft's AI assistant tools -- the software giant likes to call them Copilots -- uses OpenAI's new GPT-4 language system and data specific to the security field, the company said Tuesday. The idea is to help security workers more quickly see connections between various parts of a hack, such as a suspicious email, malicious software file or the parts of the system that were compromised. Microsoft and other security software companies have been using machine-learning techniques to root out suspicious behavior and spot vulnerabilities for several years. But the newest AI technologies allow for faster analysis and add the ability to use plain English questions, making it easier for employees who may not be experts in security or AI. That's important because there's a shortage of workers with these skills, said Vasu Jakkal, Microsoft's vice president for security, compliance, identity and privacy. Hackers, meanwhile, have only gotten faster.
Security

Belgian Intelligence Puts Huawei on Its Watchlist (politico.eu) 23

Belgium's intelligence service is scrutinizing the operations of technology giant Huawei as fears of Chinese espionage grow around the EU and NATO headquarters in Brussels, according to confidential documents seen by POLITICO and three people familiar with the matter. From the report: In recent months, Belgium's State Security Service (VSSE) has requested interviews with former employees of the company's lobbying operation in the heart of Brussels' European district. The intelligence gathering is part of security officials' activities to scrutinize how China may be using non-state actors -- including senior lobbyists in Huawei's Brussels office -- to advance the interests of the Chinese state and its Communist party in Europe, said the people, who requested anonymity due to the sensitivity of the matter. The scrutiny of Huawei's EU activities comes as Western security agencies are sounding the alarm over companies with links to China. British, Dutch, Belgian, Czech and Nordic officials -- as well as EU functionaries -- have all been told to stay off TikTok on work phones over concerns similar to those surrounding Huawei, namely that Chinese security legislation forces Chinese tech firms to hand over data. The scrutiny also comes amid growing evidence of foreign states' influence on EU decision-making -- a phenomenon starkly exposed by the recent Qatargate scandal, where the Gulf state sought to influence Brussels through bribes and gifts via intermediary organizations. The Belgian security services are tasked with overseeing operations led by foreign actors around the EU institutions.
United States

Biden Executive Order Bans Federal Agencies From Using Commercial Spyware (techcrunch.com) 40

The Biden administration on Monday announced a new executive order that would broadly ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. From a report: The move to ban federal agencies -- including law enforcement, defense and intelligence -- from using commercial spyware comes as officials confirmed that dozens of U.S. government personnel had their phones targeted. Human rights defenders and security researchers have for years warned of the risks posed by commercial spyware, created in the private sector and sold almost exclusively to governments and nation states. [...] In a call with reporters ahead of the order's signing, Biden administration officials said that the United States was trying to get ahead of the problem and set standards for other governments and its allies, which buy and deploy commercial spyware. The order is the latest action taken by the government in recent years, including banning some spyware makers from doing business in the U.S. and passing laws aimed at limiting the use and procurement of spyware by federal agencies.
Android

Pinduoduo App Malware Detailed By Cybersecurity Researchers (bloomberg.com) 4

Security researchers at Moscow-based Kaspersky Lab have identified and outlined potential malware in versions of PDD Holdings' Chinese shopping app Pinduoduo, days after Google suspended it from its Android app store. From a report: In one of the first public accountings of the malicious code, Kaspersky laid out how the app could elevate its own privileges to undermine user privacy and data security. It tested versions of the app distributed through a local app store in China, where Huawei Technologies, Tencent Holdings and Xiaomi run some of the biggest app markets. Kaspersky's findings, shared with Bloomberg News, were among the clearest explanations from an independent security team for what triggered Google's action and malware warning last week. The cybersecurity firm, which has played a role in uncovering some of the biggest cyberattacks in history, said it found evidence that earlier versions of Pinduoduo exploited system software vulnerabilities to install backdoors and gain unauthorized access to user data and notifications. Those conclusions agreed in large part with those of researchers that had posted their discoveries online in past weeks, though Bloomberg News hasn't verified the authenticity of the earlier reports.
Businesses

Amazon Rejects Petition from 30,000 Workers Opposing Return-to-Office Mandate (nypost.com) 207

An anonymous reader shares this report from the New York Post: Disgruntled Amazon corporate employees are reportedly devastated after a top human resources executive shot down an internal petition that asked the tech giant's leaders to nix its return-to-office plan. Approximately 30,000 workers had signed a petition begging CEO Andy Jassy to cancel his directive that most employees work on site at least three days per week. The return-to-office plan is slated to take effect on May 1.

Beth Galetti, Amazon's HR chief, shot down the petition in a message to organizers obtained by Insider and signaled that the return-to-office plan will move forward as scheduled. "Given the large size of our workforce and our wide range of businesses and customers, we recognize this transition may take time, but we are confident it will result in long-term benefits to increasing our ability to deliver for our customers, bolstering our culture, and growing and developing employees," Galetti said in the memo....

In the petition, which first surfaced last month, Amazon workers argued they are more productive and enjoy a better work-life balance in a remote work environment. The workers also asserted that the three-day-per-week requirement runs contrary to Amazon's stances on issues such as affordable housing, diversity and climate change.... Meanwhile, Jassy has argued that working more days on site will help build effective collaboration and "deliver for customers and the business."

Security

GitHub.com Rotates Its Exposed Private SSH Key (bleepingcomputer.com) 20

GitHub has rotated its private SSH key for GitHub.com after the secret was accidentally published in a public GitHub repository. BleepingComputer reports: The software development and version control service says the private RSA key was only "briefly" exposed, but that it took action out of "an abundance of caution." In a succinct blog post published today, GitHub acknowledged discovering this week that the RSA SSH private key for GitHub.com had been ephemerally exposed in a public GitHub repository.

"We immediately acted to contain the exposure and began investigating to understand the root cause and impact," writes Mike Hanley, GitHub's Chief Security Officer and SVP of Engineering. "We have now completed the key replacement, and users will see the change propagate over the next thirty minutes. Some users may have noticed that the new key was briefly present beginning around 02:30 UTC during preparations for this change." As some may notice, only GitHub.com's RSA SSH key has been impacted and replaced. No change is required for ECDSA or Ed25519 users.

Security

Linus Tech Tips' YouTube Channel Was Hacked (overclock3d.net) 59

New submitter Kitkoan writes: Hackers had gained control of Linus Tech Tips' YouTube channel to promote a cryptocurrency scam. Earlier on Thursday, hackers had gained control of the Linus Tech Tips YouTube channel and used it to promote a fake crypto giveaway that falsely used the name of Elon Musk and the Tesla brand (obviously without the permission of either party). Thankfully, the Linus Tech Tips crew quickly worked to re-establish control of the channel, but not before the channel had started two live streams to promote AI, ChatGPT, Bitcoin, and their aforementioned (fake) crypto giveaway.
